Vulnerability Description
acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Acftp | Acftp | 1.4 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0088.html
- http://securityreason.com/securityalert/3334
- http://www.iss.net/security_center/static/10681.php
- http://www.securityfocus.com/archive/1/300929
- http://www.securityfocus.com/bid/6235Exploit
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0088.html
- http://securityreason.com/securityalert/3334
- http://www.iss.net/security_center/static/10681.php
- http://www.securityfocus.com/archive/1/300929
- http://www.securityfocus.com/bid/6235Exploit
FAQ
What is CVE-2002-2417?
CVE-2002-2417 is a vulnerability with a CVSS score of 10.0 (HIGH). acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and pos...
How severe is CVE-2002-2417?
CVE-2002-2417 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-2417?
Check the references section above for vendor advisories and patch information. Affected products include: Acftp Acftp.